|
Currently we only support full dissection of RTNL netlink messages. For
non-RTNL messages we only print the header and omit the data.
Change this behavior and print a full ascii/hex dump of the remaining
data (like it is done in dissector_entry_point() for trailing data after
all known protocols have been processed) to give the user a chance to
still inspect the message content.
Reported-by: Geoff Ladwig <gladwig@verdantnetworks.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Allow other dissectors to access the hex/ascii printing functions with a
raw uint8_t* instead of only through struct pkt_buff.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
nl_nlmsg_flags2str() returns an empty string if the provided flags
argument is 0. Check this condition and display "none" instead to make
the output nicer to read.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
RX stats were not printed because of wrong check on PRINT_NONE.
Fixes: 5f94671f31c040f ("netsniff-ng: Show total rx stats for multi pcap mode")
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Move has_dynamic_elems() to trafgen_conf.h, rename it to
packet_dyn_has_elems() and use it to check whether dynamic
packet elements are present.
Also change the return type to bool and use || instead of + to
potentially make use of short-circuit evaluation.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
No need to memset the IPv4 pseudo header to 0 as all its members will
explicitly be set. Also reorder the setting of the pseudo header to
match the order of the fields.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Match two arguments to the respective types provided in its only caller
in trafgen.c:main_loop()
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
If the C preprocessor is used to parse the packet description, a
temporary file is created which is not deleted if an error occurs during
parsing in compile_packets().
Instead, don't panic() on errors and only print a message, and only
die() once we cleaned up after us.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
The return value of xmit_packet_precheck() is always 0 and it calls
panic() in any error cases, so its return value isn't of any use.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
It looks like http://standards-oui.ieee.org/oui.txt is no longer sorted
by OUI, so do it manually when creating oui.conf. Also, it looks like
the file has been converted to use CRLF line endings, so strip those as
well (and any other trailing whitespaces in the vendor name).
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Add the csumudp6 and csumtcp6 helper functions in order to simplify
checksum generation for TCP/UDP packets sent over IPv6.
trafgen example for TCP over IPv6:
{
  /* MAC Destination */
  fill(0xff, 6),
  /* MAC Source */
  0x00, 0x02, 0xb3, drnd(3),
  /* IPv6 Protocol */
  c16(0x86DD),
  /* Version, Traffic Class, Flow Label */
  0b01100000, c8(0), c16(0),
  /* Payload Length */
  c16(54),
  /* Next Header (TCP) */
  c8(6),
  /* Hop Limit */
  c8(64),
  /* Source IPv6 */
  0xfe, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  0xba, 0xac, 0x6f, 0xff, 0xfe, 0xa4, 0x12, 0xe3,
  /* Destination IPv6 */
  0xfe, 0x80, 0x82, 0x2e, 0x00, 0x00, 0x00, 0x00,
  0x00, 0x00, 0xde, 0xff, 0xfe, 0x00, 0x06, 0xde,
  /* TCP Source Port */
  c16(55042),
  /* TCP Destination Port */
  c16(55043),
  /* TCP Sequence Number */
  drnd(4),
  /* TCP Ackn. Number */
  c32(0),
  /* TCP Header length + TCP SYN/ECN Flag */
  c16((8 << 12) | (1 << 1) | (1 << 6)),
  /* Window Size */
  c16(16),
  /* TCP Checksum (offset IPv6, offset TCP) */
  csumtcp6(14, 54),
  /* TCP Options */
  0x00, 0x00, 0x01, 0x01, 0x08, 0x0a, 0x06,
  0x91, 0x68, 0x7d, 0x06, 0x91, 0x68, 0x6f,
  /* Data blob */
  "foobar!",
}
Suggested-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
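What a TCP/UDP-over-IPv6 checksum helper has to compute, as an added example that is not trafgen's code or part of the commit: the RFC 1071 sum over the IPv6 pseudo-header plus the segment, including an odd-length payload. The function names and the sample packet (fe80::1 to fe80::2) are constructed for illustration.

```c
#include <stdint.h>
#include <string.h>

/* RFC 1071 one's-complement sum over big-endian 16-bit words; an odd
 * trailing byte is padded with a zero byte on the right. */
static uint32_t csum_add(uint32_t sum, const uint8_t *p, size_t len)
{
	for (; len > 1; p += 2, len -= 2)
		sum += (uint32_t)p[0] << 8 | p[1];
	if (len)
		sum += (uint32_t)p[0] << 8;
	return sum;
}

static uint16_t csum_fold(uint32_t sum)
{
	while (sum >> 16)
		sum = (sum & 0xffff) + (sum >> 16);
	return (uint16_t)~sum;
}

/* Checksum of a segment carried directly after the 40-byte IPv6 header at
 * ip6 (next_hdr 6 = TCP, 17 = UDP). The checksum field must be zero when
 * generating; with the field filled in, a valid packet yields 0. */
uint16_t csum_l4_ip6(const uint8_t *ip6, const uint8_t *seg, size_t seg_len,
		     uint8_t next_hdr)
{
	uint8_t tail[8] = { (uint8_t)(seg_len >> 24), (uint8_t)(seg_len >> 16),
			    (uint8_t)(seg_len >> 8), (uint8_t)seg_len,
			    0, 0, 0, next_hdr };
	uint32_t sum = csum_add(0, ip6 + 8, 32); /* source + destination */

	sum = csum_add(sum, tail, sizeof(tail)); /* length, zeros, next header */
	return csum_fold(csum_add(sum, seg, seg_len));
}

/* Constructed sample: 20-byte TCP SYN header plus the 7-byte payload
 * "foobar!". Returns 0 if the stored checksum verifies. */
uint16_t csum_demo(int corrupt)
{
	uint8_t pkt[40 + 27] = { [0] = 0x60, [5] = 27, [6] = 6, [8] = 0xfe, 0x80,
		[23] = 1, [24] = 0xfe, 0x80, [39] = 2, [52] = 0x50, [53] = 0x02 };
	uint8_t *tcp = pkt + 40;
	uint16_t c;

	memcpy(tcp + 20, "foobar!", 7);
	c = csum_l4_ip6(pkt, tcp, 27, 6);
	tcp[16] = (uint8_t)(c >> 8);
	tcp[17] = (uint8_t)c;
	tcp[26] ^= corrupt ? 0x01 : 0x00; /* flip one payload bit */
	return csum_l4_ip6(pkt, tcp, 27, 6);
}
```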
|
|
Make it more readable.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
s/auxillary/auxiliary/
s/noone/no one/
s/todays/today's/
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
All found using codespell.
s/addres/address/
s/noone/no one/
s/endianess/endianness/
s/Successfull/Successful/
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
The size of an mmaped netlink packet is equal to its frame size, so it
may be different from the actual size. It can be checked by whether the
next nlmsg len is 0 or not, and trimmed in that case.
Signed-off-by: Ken-ichirou MATSUZAWA <chamas@h4.dion.ne.jp>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
It would be better to use NLMSG_HDRLEN instead of sizeof(*hdr)
and not to use NLMSG_PAYLOAD to get payload length, I think.
Signed-off-by: Ken-ichirou MATSUZAWA <chamas@h4.dion.ne.jp>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Display them as K->U resp. U->K.
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
|
|
Complete fix for Coverity issue CID 991822, commit 047d69c4e ("curvetun:
Fix issues detected by the Coverity scanner") only fixed one instance of
this issue.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Fix two issues detected by the Coverity scanner (CID 991819 & CID
991822)
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Bail out early if we fail to read the current sysctl variable values for
net/netfilter/nf_conntrack_acct and net/netfilter/nf_conntrack_timestamp.
Otherwise we'll not be able to restore the previous value on exit/panic.
Moreover, if we fail to read the sysctl file, we usually also lack the
permissions to write it.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Fix typo timestampinf -> timestamping
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Add short info about timestamping enabling & connection duration time
feature.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
[tklauser: Minor rewordings]
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Allow setting start/stop timestamp for new flows by enabling:
/proc/sys/net/netfilter/nf_conntrack_timestamp
on start and resetting it on exit or panic.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
[tklauser: Remove unnecessary cast of void pointer]
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Show flow time duration in human readable form.
Originally submitted by Vadim in a slightly different form.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Don't spread the information over too many documents, this is a first
step to consolidate them a bit.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Allow collecting rx stats for multiple pcap mode, by storing
them in separate variables before switching to the next pcap file.
This allows having one approach when dumping in single or multiple
pcap(s) mode.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
When fixing up a build error introduced by commit 579e8524
("netsniff-ng: vlan: Show vlan info from tpacket v3"), the used
definitions got mixed up and TP_STATUS_VLAN_TPID_VALID ended up not
being checked at all. Fix this up and make the code a bit easier to read.
Fixes: 3384ee71 ("netsniff-ng: ring: Fix build if tp_vlan_tpid is not available in kernel header")
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Otherwise we clutter the build log with warnings such as:
tput: No value for $TERM and no -T specified
on head-less CI/build systems (e.g. Debian's buildd).
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Except for some minor saving in disk space, stripping the binaries
doesn't bring any benefits and it might prevent us from getting usable
debugging information even from binaries built with DEBUG not set. Most
distributions will strip the binaries as part of their packaging process
anyhow.
If someone really wants stripped binaries as a result of the netsniff-ng
build, they could still add '-s' to CFLAGS or call strip manually.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
s/coul/could/
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Otherwise nacl will not get picked up when cross-compiling.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
This fixes the following errors when running configure e.g. inside the
OpenEmbedded environment:
./configure: line 23: [: too many arguments
./configure: line 24: [: i586-oe-linux-ld: binary operator expected
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
The tp_vlan_tpid member of struct tpacket_auxdata was only added in
kernel commit a0cdfcf39362 ("packet: deliver VLAN TPID to userspace").
Support building netsniff-ng also against kernel headers from earlier
versions.
Fixes: 579e8524 ("netsniff-ng: vlan: Show vlan info from tpacket v3")
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Show vlan info (vid, prio & proto) from tpacket struct, in a separate
line. It might be useful to sniff it in case vlan reordering is on
(which is the default) and the physical (vlan underlying) device supports
vlan offloading.
Meanwhile it uses only v3 tpacket info as the location of the vlan fields
is different between v2 & v3 (v1 does not have it at all), but the current
code only has the possibility to check if v3 is used, which is not enough.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
[ tk: make print format consistent with VLAN dissector ]
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Add proto_vlan.h with helpers to parse VLAN fields.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Add some people to the minor contributors list who were previously
missing. Also sort the list alphabetically to make it easier to keep the
list up to date.
Also move Vadim one position up in the major contributors list according
to the current commit count.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Instead of creating an additional struct flow_entry on the stack just to
use the CP_NFCT macros, call nfct_get_attr_u16() directly.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
The tprintf module isn't used in flowtop, no need to link it in.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Commit da8fcdd7 ("netsniff-ng: Add cooked cmdline option.") added the
-w/--cooked command line option but didn't add it to the zsh
completion. Do so now.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Show byte/packet counters in the same colors as their direction:
- src in red
- dst in blue
so it will be easier to identify them by direction.
Also unified counters printing in one function and changed counters
naming similar to other *_src members of flow_entry struct.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
[tklauser: Reverted to using parentheses in printed message]
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
We should get faster builds by using their new infrastructure.
Reference: http://docs.travis-ci.com/user/migrating-from-legacy/
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Fixes curvetun build failure due to undefined reference to
sysctl_get_int in sock.o.
[...]
LD curvetun
curvetun/sock.o: In function `set_system_socket_mem.part.0':
sock.c:(.text+0xc0): undefined reference to `sysctl_set_int'
curvetun/sock.o: In function `set_system_socket_memory':
sock.c:(.text+0x4dd): undefined reference to `sysctl_get_int'
sock.c:(.text+0x505): undefined reference to `sysctl_get_int'
sock.c:(.text+0x52e): undefined reference to `sysctl_get_int'
sock.c:(.text+0x54f): undefined reference to `sysctl_get_int'
collect2: error: ld returned 1 exit status
Signed-off-by: Tobias Geerinckx-Rice <tobias.geerinckx.rice@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Just ignore DNS flows instead of inserting them and then
filtering them out in the presenter.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Do not do reverse DNS for src hostname if '-s' option
is not specified.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Don't hide status bar line when dumping flows but
print "[Collecting flows ...]" on the same line.
Really there is no sense to hide this status bar line.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
If a non-privileged user opens a pcap file then netsniff-ng tries to set up
socket memory which causes warnings about failing because of permissions.
So don't tune socket memory in pcap-read-only mode.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Add some explanation about traffic counters enabling via
sysctl and its limitation.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
[tklauser: Reword some sentences]
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Show bytes/pkts counters per src/dst direction. By default counters
originated from dst are shown. Src counters are shown only if '-s' is
specified.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Get rid of flushing connections which resets all counters.
Use dump whole ipv4/ipv6 connection tables to fulfill the existing
flows, but this needs to use hand-made flow filtering because
nfct_filter does not work when we do NFCT_Q_DUMP.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|